Method and apparatus for secure communications
A method of managing a key for encrypted communication over a communication link between first and second modems, each modem having respective first and second master keys. A first key material for the first modem is transmitted to the second modem in an encrypted message using the first master key, via a time divided frame over the link. Upon receipt, a second key material is generated at the second modem and is sent to the first modem. Then, at each of the first and second modems, session keys are generated based on the key materials, preferably using a hashing algorithm. An encryptor at the first modem and a decryptor at the second modem are programmed with an identified key and a session key. Encryption is enabled at the first modem and information is transmitted in encrypted frames using the identified key. The second modem receives and decrypts the encrypted frames when frames with the identified key are received.
1. Field of the Invention
The present invention concerns communication systems that exchange data via wired or wireless links, using modems at different communicating locations. In particular, the invention concerns a method and apparatus for providing communication security for data exchange between modems engaged in point-to-point or point-to-multipoint communications in bidirectional or unidirectional modes. The invention is particularly adapted to provide secure communications in a mobile environment where any of a variety of modulation and encoding techniques, and encryption algorithms, may be used.
2. Description of the Related Art
Conventional communications over wired and wireless links, including satellite links, are provided at high speeds with the use of a variety of modulation and encoding techniques. However, such communications are subject to intrusion and detection of their content. Broadcasts over the air, even at high speeds, can easily be detected with conventional reception equipment, and even communications over wire can be inductively detected in well known ways. Ordinarily, the data being transmitted, which may be voice, video or data, may contain sensitive information that the originators wish to have protected against unauthorized access. In order to protect the information, encryption techniques are known to be used. Currently, encryption may be provided using commercial encryption standards, such as those that rely upon the standard AES algorithms, including the current AES-128 standard techniques. Implementation of such techniques requires the establishment of a “key” at each of the communicating locations and the exchange of such keys in a secure manner so that only authorized access to the transmitted data can be assured. Data is encrypted using the key and, typically, decrypted using the same key, though different keys may be used as is known in the art. Key generation and exchange must be effectively implemented. Moreover, in order to enhance security, the key must be changed periodically, requiring a rollover of the keys in order to protect against intrusion and attack on the security of the system. Well-known ways to perform key exchange and authentication include those based on Diffie-Hellman, elliptical curve cryptography and RSA. As part of the key generation and exchange process, the modems must be authenticated.
However, the encryption process adds additional overhead to the transmission, thereby rendering the communication less efficient and incurring higher costs. Moreover, in an environment which is subject to link outages, such as wireless mobile communications or satellite communications, interruption of the communication requires reestablishment of the encryption parameters between communicating modems, which may involve additional inefficiencies. Where an outage is experienced and bit errors and data loss occur, resynchronization requires manual procedures or automated techniques that require a significant amount of time to detect loss of crypto sync, exchange messages and re-initialize the crypto states. Further, global time synchronization may be required to serve as seeds in encryption operations or to help in synchronizing changes in keys.
In a conventional system, communication includes both data carried over a user channel as well as overhead information carried on a separate overhead channel. This is true for both bidirectional and one-way links as well as fixed and mobile networks. Transmissions may be in burst or continuous form. Typically, the overhead and data information are multiplexed and transmitted in encrypted form using the encryption algorithm. However, the communication of encryption information is conducted out of band. In addition, there is a need for external key management, including key generation, distribution and rollover.
The complexity of a system having multiple modems is increased where all communications among the modems must be encrypted. Moreover, when encryption keys are to be exchanged, on a session basis, added inefficiencies will arise.
Further, since encryption information is sent out of band on a separate channel, this information remains vulnerable to attack since its communication is not itself encrypted.
Accordingly, there is a need to have a secure modem design that is effective in providing communications security for data exchanged between two modems, involves low overhead, and uses standard algorithms, but nonetheless, is robust against bit errors and link outages, particularly in mobile and wireless applications. Further, there is a need to provide a system using secure modems that provides mutual identification and authentication, as well as automated, over the air dynamic encryption key generation, exchange and rollover.
SUMMARY OF THE INVENTION
A method of establishing a key for encrypted communication over a communication link between a first and a second modem, where each modem has a respective first and second master key. In first exchanging a key, frame encryption is disabled and a key identifier (“key Id”), which represents a respective one of several encryption keys, is set to a first value. Then, a first key material is generated for the first modem and a message that is encrypted using the first master key is transmitted from the first modem to the second modem via an encrypted frame over the link, the message comprising the first key material. At the second modem, the first key material is received and a second key material is generated. Then, session keys are generated at each of said first and second modems, based on the respective session keys and, preferably, using a hashing algorithm. An encryptor at the first modem is programmed with a second key Id and said session key, and a decryptor at the second modem is programmed with the second key Id and the session key. Encryption is enabled at the first modem and information is transmitted in encrypted frames using the key represented by the second key Id. The encrypted frames are received at the second modem and the encrypted frames are decrypted when frames with the key represented by the second key Id are received.
A method of generating a new key for encrypted communication over a communication link between a first and a second modem, where each modem has a respective first and second master key. A first key material is generated for the first modem and a second of a plurality of pre-established key Id signals, each representing a respective key for use in encrypting at least a part of a frame of transmitted data, is selected. A frame of data that is encrypted using a key represented by a first key Id signal and contains a message that is encrypted using said first master key is transmitted, the message comprising the first key material and the second key Id signal, from the first modem to the second modem over the link. The first key material is received at the second modem and a second key material is generated. Then, session keys are generated at each of the first and second modems on the basis of the session keys. An encryptor at the first modem is programmed with a second key Id and the session key, and a decryptor at the second modem is programmed with the second key Id and the session key. Encryption at the first modem is switched to the second key Id and information is transmitted in encrypted frames using the second key Id. The encrypted frames are received at the second modem, and the received frames are decrypted using a key represented by the first key Id. Finally, there is switching to the key represented by the second key Id based upon receipt of a frame with the second key Id.
A method of secure transmission, from a first modem to a second modem over a communications link, of user information in a first channel that is represented by overhead information in a second channel. First, an encryption key is generated at a key manager. Then, content for a third channel containing at least one encryption key is generated. The content of the first channel, the second channel and the third channel are multiplexed to create a multiplexed output signal. Finally, the multiplexed output signal is encrypted, using the encryption key to generate an encrypted signal, and the encrypted signal is transmitted over the communications link.
Hardware in the form of a system or secure modem for implementing the foregoing methods.
A conventional satellite-based mobile system is illustrated in
An exemplary embodiment of a system that may employ a secure modem-based communication is illustrated in
An illustration of the architecture of a secure modem 200, which is useable as modem 122, 132 in the system of
The output of the exemplary modem 200 in
More specifically, according to an exemplary embodiment of the invention, each modem 200 may have a choice of several keys for use in encrypting information input on various user and control channels. Further, as a matter of enhanced security, each modem may dynamically change the current key, as subsequently disclosed. The key number would serve to identify which key has been selected for use in encrypting a particular subframe.
The modem subframe also includes overhead channel data 332, which has been extracted from the overhead channel 260 in
The modem subframe comprises N bytes, and includes a combination of the subframe header 331, overhead channel data 332, embedded channel data 333 and user channel data 334. In an exemplary embodiment, all N bytes are encrypted according to the published Advanced Encryption Standard (AES), preferably the AES-128 standard operating in the cypher feedback mode (AES-128/CFB). Importantly, the entire combination of overhead channel data, embedded channel data and user channel data are encrypted. While the illustrated frame format in
Indeed, the first N bytes of each subframe are encrypted and parts of the subframe header may not be encrypted. The number N is configurable, and may be less than or equal to the size of the subframe. In any event, given the assumption that the AES-128/CFB standard will be used, according to the exemplary embodiment, the number of bytes N would be a multiple of 16, having a content of 128 bits. However, as would be understood by those skilled in the art, the number of bytes need not be a multiple of 16. Moreover, as would be understood by those of ordinary skill in the art, a different arrangement would be possible given the use of a different encryption standard.
The limitation on the number N in the present exemplary embodiment is based upon the present requirements of the AES-128/CFB encryption algorithm that subframe data be broken into 16-byte blocks, PT[0], PT[1]. . . PT[M], where the designation “PT” refers to “plain text” blocks. The first M blocks get encrypted, where M equals N/16. Each block PT[n] is encrypted to create a cypher text block CT[n]. In such case, CT[n] is equal to PT[n] XOR KS[n]. In this case, KS[n] equals AES-Encrypt(CT[n−1], KEY). Here, certain bits of the key stream, as they appear in KS[0] are set to 0. These bits should at least cover the KeyNum field in the standard. In this encryption arrangement, CT[−1] is equal to CT[M−1] of the previous subframe. However, for the first subframe, CT[−1] is set to a random value.
An illustration of an exemplary AES/CFB (cypher feedback mode) encryption operation is provided in
While the cypher text block [M−1] is provided at the output of each processing of a subframe to the input of the processing of a subsequent subframe, it should be noted that at the start, the input to the first subframe is created by a random generator and provided at line 401. The reason for using the prior cypher text block as an input to the encryption operation on a given subframe, as understood in the art, is that if PT[0] is all zeros and PT[1] is all zeros, a difference would not be possible. Therefore, use of the prior encrypted output of a previous subframe conveniently permits a difference to be obtained.
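The chaining rule above and the clear KeyNum field can be exercised in a short Go program. This is an added example, not code from the patent; it assumes KeyNum occupies byte 0 of the subframe, uses constructed keys and subframes, and has the receiver start without knowledge of the transmitter's random CT[−1]. It shows that a lost subframe damages only the first 16-byte block of the next one, and that the receiver changes keys by reading KeyNum from the header.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

const blk = 16 // AES block size; byte 0 of a subframe is assumed to hold KeyNum

// cfb computes out[n] = in[n] XOR KS[n], KS[n] = AES-Encrypt(CT[n-1], key), with
// byte 0 of KS[0] zeroed. Both directions use only the AES encrypt operation.
func cfb(key, prev, in []byte, decrypt bool) (out, last []byte) {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out = make([]byte, len(in))
	fb, ks := out, make([]byte, blk) // feedback is always the ciphertext
	if decrypt {
		fb = in
	}
	for off := 0; off < len(in); off += blk {
		c.Encrypt(ks, prev)
		if off == 0 {
			ks[0] = 0 // KeyNum is never masked by keystream
		}
		for i := range ks {
			out[off+i] = in[off+i] ^ ks[i]
		}
		prev = fb[off : off+blk]
	}
	return out, append([]byte(nil), prev...)
}

// End is one end of a one-way link: programmed keys by KeyNum, plus CT[-1].
type End struct {
	keys map[byte][]byte
	prev []byte
}

// Seal writes KeyNum (non-zero, already programmed) into byte 0 and encrypts.
func (e *End) Seal(keyNum byte, sub []byte) (ct []byte) {
	pt := append([]byte{keyNum}, sub[1:]...)
	ct, e.prev = cfb(e.keys[keyNum], e.prev, pt, false)
	return ct
}

// Open reads KeyNum from the clear header byte, selects that key and decrypts.
// KeyNum 0 marks a subframe that was sent unencrypted.
func (e *End) Open(ct []byte) (byte, []byte, error) {
	if len(ct) == 0 || len(ct)%blk != 0 {
		return 0, nil, errors.New("subframe length must be a positive multiple of 16")
	}
	prev := e.prev
	e.prev = append([]byte(nil), ct[len(ct)-blk:]...) // feedback for the next subframe
	if ct[0] == 0 {
		return 0, append([]byte(nil), ct...), nil
	}
	key, ok := e.keys[ct[0]]
	if !ok {
		return ct[0], nil, errors.New("no key programmed for this KeyNum")
	}
	pt, _ := cfb(key, prev, ct, true)
	return ct[0], pt, nil
}

// Result records, per received subframe: KeyNum, whole subframe recovered,
// and blocks after the first recovered.
type Result struct {
	KeyNum     byte
	Full, Tail bool
}

// Demo sends five constructed 48-byte subframes, loses the third in transit
// and switches to key 2 for the fifth.
func Demo() (res []Result) {
	keys := map[byte][]byte{1: bytes.Repeat([]byte{0x11}, blk), 2: bytes.Repeat([]byte{0x22}, blk)}
	iv := make([]byte, blk) // transmitter's random CT[-1]
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	tx, rx := &End{keys, iv}, &End{keys, make([]byte, blk)}
	for i := 0; i < 5; i++ {
		pt := bytes.Repeat([]byte{byte('A' + i)}, 3*blk)
		ct := tx.Seal(byte(1+i/4), pt) // subframes 0-3 use key 1, subframe 4 key 2
		if i == 2 {
			continue // outage: this subframe never reaches the receiver
		}
		kn, got, err := rx.Open(ct)
		if err != nil {
			panic(err)
		}
		pt[0] = kn // Seal wrote KeyNum into the header byte
		res = append(res, Result{kn, bytes.Equal(got, pt), bytes.Equal(got[blk:], pt[blk:])})
	}
	return res
}

func main() {
	for _, r := range Demo() {
		fmt.Printf("KeyNum=%d whole=%v tail=%v\n", r.KeyNum, r.Full, r.Tail)
	}
}
```

The first subframe and the one after the outage lose only block 0, while KeyNum remains readable in both.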
The application of the foregoing encryption and decryption operations to the modem processing of
The effective establishment of an appropriate encryption key in order to permit secure communication between two modems, and the changing of the encryption key in a rollover process during communication are essential processes in a reliable secure system. The establishment of the encryption key may be required in either bi-directional or unidirectional communication systems. Similarly, key rollover may be required for both types of communication links.
The establishment of a key for bi-directional links is illustrated as a process in the flow chart of
Once the master keys are configured for the modems A and B that are communicating over the bi-directional link, the encryption is disabled and the key Id is set to zero at steps A-62 and B-62, respectively. The key Id remains at zero until a session key for communication is established, as subsequently described. Thereafter, the modem A at step A-63 will generate Key Material KMA that is used to establish a session key. The session key material is a 128-bit random bit-stream, which in the exemplary embodiment exists in an application layer and is not a key. Also, at the same time, modem A will establish an initial value for the component Nonce. As is known in the art, Nonce is a secret multi-byte value shared by encryptor and decryptor, and acts as an extension of the encryption key. At the initial step A-63, the Nonce field is filled with a 128 bit random number.
In step A-64, modem A acts as an initiating modem and generates and sends session key material KMA to modem B over the embedded channel. During this initialization phase, dummy overhead data and user data are sent together with the embedded channel data in the clear. The key number KN in the subframe header would be set to zero. Thus, only key exchange messages are sent over the embedded channel and multiplexed together with the overhead data and user data in dummy condition. Modem A's master key is used for the encryption process, which is accomplished using the standard AES-128-CTR or AES-128-CBC algorithms. In addition, at modem A, an algorithm is employed that tells whether the key exchange message is corrupted and is used for authentication. In this example, the well known Hashed Message Authentication Code (HMAC) is generated on the basis of the master key for modem A, using the standard AES-128-CCM or SHA-1 algorithm.
At modem A, the encrypted key initialization message KEX, which contains the Key Material KMA, key Id, and Nonce, all encrypted using Master Key A, is transmitted to modem B in step A-64. Again, the frame is not encrypted and the key Id equals zero in the subframe header. The transmitted message is received at modem B at step B-63. Upon receipt at modem B, a similar Key Message generating process is engaged.
On the basis of the received message from modem A, modem B will fetch a key from a local database, decrypt and authenticate the received message from modem A (not shown). On the basis of the extracted and fetched information, modem B then generates Key Material KMB at step B-64. In particular, modem B generates and sends session key material KMB to modem A over the embedded channel in step B-65, together with control data and user data having values of all zeros as a dummy signal. The session key material is again a 128-bit random bit string, the key Id is set to zero, and the key message KEX is software encrypted at the application layer. Modem B's master key is used for encryption and HMAC generation. The Nonce field is not freshly generated but is copied from the message from modem A, so that it may subsequently be used for verification of successful transmission.
As illustrated in
Key exchange is implemented using a message format as illustrated in
An important element in the frame 700 is the KM message 740. Only a part of that message may be encrypted and includes the message data 745, pad 746, pad length 747, and HMAC 748. In the case of the establishment of a key, the master key is the sender's own key since the receiver's key is not yet known. Within the message data, as previously noted, the Nonce is a random number that is sent back by the modem B to determine whether the correct number has been sent. This is used to verify by response that the key has been received. However, the invention is not limited to this type of transmission, and various modifications thereto would be apparent to those skilled in the art and are intended to be encompassed within the scope of the invention.
Referring back to
Once the session encryption key SK is established, at step A-67 modem A enables its encryptor, using the session key SK and its key Id set to 1. At this point, overhead data and user data transmission are also enabled, and transmission of TDM frames from modem A to modem B, using the Key Id equal to 1, begins at step A-68.
At step B-67, modem B programs its receiver for decryption using the session key SK and key Id equal to 1 as well. At step B-68, modem B starts receiving frames sent by modem A with the key Id equal to 1 and begins decrypting subframe data at B-69 when it sees a non-zero key number in the received subframe header. Prior to this, during the establishment of synchronization, the key number would be zero.
Session key establishment for transmissions from modem B to modem A is independently done in a similar manner. In the exemplary but non-limiting embodiment used to explain the invention, the establishment of a session key in the modem A to modem B direction is set first, followed by the establishment of a session key for transmissions in the modem B to modem A direction. As would be understood by one skilled in the art, it is possible that decryption may get enabled in one direction before session key establishment for the other direction is complete.
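The establishment exchange described above, as an added Go example that is not code from the patent: each modem protects its KEX message under its own master key with AES-128-CTR and HMAC-SHA-1, modem B copies the Nonce into its reply, and both sides hash KMA and KMB into the session key. The byte layout, the random IV prefix, the constructed master keys and the use of SHA-256 truncated to 128 bits as the session-key hash are assumptions, since the page does not give them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KEX is the key exchange message body. The 128-bit sizes come from the page;
// the byte layout (KeyID || Nonce || KM) is constructed for this example.
type KEX struct {
	KeyID     byte
	Nonce, KM []byte
}

const bodyLen, wireLen = 33, 16 + 33 + sha1.Size

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ctr applies AES-128-CTR; encryption and decryption are the same operation.
func ctr(master, iv, in []byte) []byte {
	c, err := aes.NewCipher(master)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(c, iv).XORKeyStream(out, in)
	return out
}

func tag(master, body []byte) []byte {
	h := hmac.New(sha1.New, master) // HMAC keyed with the sender's master key
	h.Write(body)
	return h.Sum(nil)
}

// SealKEX returns IV || CTR(body || HMAC). The HMAC sits inside the encrypted
// part, following the page; the random IV prefix is an assumption.
func SealKEX(master []byte, m KEX) []byte {
	body := append(append([]byte{m.KeyID}, m.Nonce...), m.KM...)
	iv := randBytes(16)
	return append(iv, ctr(master, iv, append(body, tag(master, body)...))...)
}

// OpenKEX decrypts and authenticates; a corrupted message or wrong key fails.
func OpenKEX(master, wire []byte) (KEX, error) {
	if len(wire) != wireLen {
		return KEX{}, errors.New("kex: bad length")
	}
	pt := ctr(master, wire[:16], wire[16:])
	if !hmac.Equal(pt[bodyLen:], tag(master, pt[:bodyLen])) {
		return KEX{}, errors.New("kex: HMAC mismatch")
	}
	return KEX{pt[0], pt[1:17], pt[17:33]}, nil
}

// SessionKey hashes KMA and KMB together. The page does not name the hash;
// SHA-256 truncated to 128 bits is an assumption.
func SessionKey(kma, kmb []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, kma...), kmb...))
	return sum[:16]
}

// Exchange runs A->B then B->A and returns the session key each modem derives.
// corrupt flips one bit of A's message in transit to show the rejection path.
func Exchange(keyID byte, corrupt bool) (skA, skB []byte, err error) {
	mkA, mkB := randBytes(16), randBytes(16) // constructed master keys
	a := KEX{keyID, randBytes(16), randBytes(16)}
	wire := SealKEX(mkA, a)
	if corrupt {
		wire[20] ^= 0x01
	}
	gotA, err := OpenKEX(mkA, wire) // modem B: decrypt and authenticate
	if err != nil {
		return nil, nil, err
	}
	b := KEX{gotA.KeyID, gotA.Nonce, randBytes(16)} // Nonce is copied, not fresh
	gotB, err := OpenKEX(mkB, SealKEX(mkB, b))      // modem A opens B's reply
	if err != nil || !bytes.Equal(gotB.Nonce, a.Nonce) || gotB.KeyID != a.KeyID {
		return nil, nil, errors.New("kex: reply rejected")
	}
	return SessionKey(a.KM, gotB.KM), SessionKey(gotA.KM, b.KM), nil
}

func main() {
	a, b, err := Exchange(1, false)
	fmt.Println("session keys match:", bytes.Equal(a, b), "err:", err)
}
```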
As previously noted, the present invention is particularly applicable to mobile or satellite communications where interruption of a continuous communication is likely. Thus, if there is a loss of sync, an attempt at resync, and a failure to reestablish embedded channel communications for a configured amount of time, then the key initialization procedure over unencrypted channels is reexecuted. This ability to restore by self-synchronization is an important feature of the present invention.
In addition to establishment of a key in a bidirectional communication environment, a periodic changing of the key for security purposes using a rollover technique is also important. Key rollover may be very similar to the key establishment procedure, however, encryption remains enabled during the rollover of a key message exchange. In the process as illustrated in
In this regard, assuming that transmission has been successfully conducted using a given key Id (e.g., =1), modem A will generate Key Material KMA, Nonce and a new key Id (=2 in the example) at step A-81. Then, at step A-82, the KEX message, having the format illustrated in
At both modem A and modem B, a session Key SK is established using a hash function on KMA and KMB, as illustrated in steps A-84 and B-84, respectively. In step A-85, the encryptor (240 in
As with the establishment of keys in the modem A to modem B direction and the modem B to modem A directions, key rollover for the modem B to modem A direction is conducted independently.
While bi-directional communication between modem A and modem B is preferred, unidirectional links may also be established. In such case, session encryption keys can be pre-configured manually on both modems, both for initialization and ahead of time for rollover. The rollover can be performed by the transmitter at pre-determined times. Alternatively, key management and rollover can be established by a dynamic process, as subsequently explained.
With reference to
At modem B, the KEX message is received at steps B-92 and B-93. At both modems, on the basis of the generated and transmitted KMA, and a previously known KMB (a preconfigured constant that need not be secure), a session key SK is generated locally using a hash function on KMA and KMB at steps A-96 and B-94, respectively.
Once the session key SK is known at modem A, the encryptor in the transmitter is programmed with key Id=1 and the key equal to the session key SK at step A-97. Thereafter, frames are sent from modem A to modem B using key Id=1 at step A-98.
At modem B, once the session key SK is known, the decryptor in the receiver will be programmed with a key Id=1 and a key equal to SK at step B-95. This enables the receiver to receive frames with key Id=1 at step B-96 and decrypt the frames when a key Id=1 is detected, at step B-97.
The dynamic rollover for unidirectional links is conducted in a similar manner, as illustrated in
At both modem A and modem B, a session Key SK is established using a hash function on KMA and KMB, as illustrated in steps A-104 and B-103, respectively. In step A-105, the encryptor (240 in
Again, session encryption keys can be configured manually on both modems ahead of time for rollover. Rollover can be performed by the transmitter in a unidirectional mode at pre-configured times.
While the foregoing key exchange technique has been described and represents one exemplary embodiment, other well-known ways to perform key exchange and authentication, which include those based on Diffie-Hellman, elliptical curve cryptography and RSA, may be applied.
Other advantages include the ability to implement the underlying AES firmware as a small hardware item. The encrypter is a simple, in-line, stream-oriented encrypter. The firmware requires AES-128 encryption logic only, replicated twice, with no decryption logic. Further, the AES firmware need deal with only a single AES session and key combination.
While the foregoing description is directed to certain exemplary embodiments, the invention disclosed herein is not limited thereto, but is to be defined by the appended claims.
Claims
1. A method of establishing a key for encrypted communication over a communication link between a first and a second modem, each modem having a respective first and second master key, comprising:
- disabling frame encryption and setting a key Id to a first value;
- generating a first key material for said first modem;
- transmitting a message that is encrypted using said first master key, said message comprising said first key material, from said first modem to said second modem via an encrypted frame over said link;
- receiving said first key material at said second modem and generating a second key material;
- generating session keys at each of said first and second modems;
- programming an encryptor at said first modem with a second key Id and said session key, and programming a decryptor at said second modem with said second key Id and said session key;
- enabling encryption at said first modem and transmitting information in encrypted frames using said second key Id, and
- receiving said encrypted frames at said second modem and decrypting said encrypted frames when frames with said second key Id are received.
2. The method of establishing a key for encrypted communication, as set forth in claim 1, further comprising,
- at said second modem, after said step of receiving said first key material, sending said second key material encrypted using said second master key, to said first modem over said link without encrypting said frame.
3. The method of establishing a key for encrypted communication, as set forth in claim 1, further comprising,
- at said first modem, said step of transmitting a first key material includes transmitting said material a plurality of times.
4. The method of establishing a key for encrypted communication, as set forth in claim 1, wherein said step of generating session keys comprises processing said first key material and said second key material together.
5. The method of establishing a key for encrypted communication, as set forth in claim 4, wherein said processing comprises hashing said first and second key materials.
6. The method of establishing a key for encrypted communication, as set forth in claim 1, wherein said generating step further comprises generating a Nonce signal and said transmitting step comprises transmitting said Nonce signal with said first key material.
7. The method of establishing a key for encrypted communication, as set forth in claim 1, further comprising:
- pre-establishing a plurality of key ID signals, at least one key ID signal indicating at least a part of a frame is not encrypted and at least two key ID signals identifying a key used for encrypting at least a part of a frame of transmitted data, and
- assigning one of said plurality of key Id signals to transmitted data,
- wherein, said step of transmitting first key material further comprises transmitting said assigned key Id signal.
8. The method of establishing a key for encrypted communication, as set forth in claim 7, wherein said assigned key Id signal is transmitted in a header of at least a part of an information frame.
9. The method of establishing a key for encrypted communication, as set forth in claim 8, wherein said information frame comprises a plurality of sub frames, each subframe having header containing said assigned key Id signal.
10. The method of establishing a key for encrypted communication, as set forth in claim 1, wherein a plurality of modems are in a group and all of said modems are assigned a common master key, said master key being used for encrypting the transmitted message from any modem in said group.
11. A method of generating a new key for encrypted communication over a communication link between a first and a second modem, each modem having a respective first and second master key, comprising:
- generating a first key material for said first modem and selecting a second of a plurality of pre-established key Id signals, each representing a respective key for use in encrypting at least a part of a frame of transmitted data,
- transmitting a frame of data that is encrypted using a key represented by a first key Id signal and contains a message that is encrypted using said first master key, said message comprising said first key material and said second key Id signal, from said first modem to said second modem over said link,
- receiving said first key material at said second modem and generating a second key material;
- generating session keys at each of said first and second modems;
- programming an encryptor at said first modem with a second key Id and said session key, and programming a decryptor at said second modem with said second key Id and said session key;
- commanding encryption at said first modem to said second key Id and transmitting information in encrypted frames using said second key Id,
- receiving said encrypted frames at said second modem, decrypting said received frames using a key represented by said first key Id; and
- switching to the key represented by said second key Id based upon receipt of a frame with said second key Id.
12. The method of generating a new key for encrypted communication, as set forth in claim 11, further comprising,
- at said second modem, after said step of receiving said first key material, sending said second key material and second key Id encrypted using said second master key, to said first modem over said link using a key corresponding to said first key Id.
13. The method of generating a new key for encrypted communication, as set forth in claim 11, further comprising,
- wherein said generating step further comprises generating a Nonce signal and said transmitting step comprises transmitting said Nonce signal encrypted using said first master key together with said first key material.
14. The method of generating a new key for encrypted communication, as set forth in claim 11, wherein said step of generating session keys comprises processing said first key material and said second key material together.
15. The method of generating a new key for encrypted communication, as set forth in claim 14, wherein said processing comprises hashing said first and second key materials.
16. The method of secure transmission, from a first modem to a second modem over a communications link, of user information in a first channel that is represented by overhead information in a second channel, comprising:
- generating an encryption key at a key manager;
- creating content for a third channel containing said at least one encryption key;
- multiplexing the content of said first channel, said second channel and said third channel to create a multiplexed output signal;
- encrypting said multiplexed output signal using said encryption key to generate an encrypted signal; and
- transmitting said encrypted signal over said communications link.
17. The method of secure transmission as recited in claim 16, further comprising:
- combining at least one of UDP, IP and GFP formatting with said encryption key to create said content for said third channel.
18. The method of secure transmission as recited in claim 16, further comprising buffering at least one of said content for said first channel, second channel and third channel prior to said multiplexing step.
19. A secure modem, adapted to transmit encrypted information to a second modem over a communications link, comprising:
- an input for user information on a first channel;
- an input for overhead information on a second channel,
- means for generating an encryption key at a key manager;
- means for creating content for a third channel containing said at least one encryption key;
- a multiplexer operative to multiplex the content of said first channel, said second channel and said third channel to generate a multiplexed output signal;
- an encryptor operative to encrypt said multiplexed output signal using said encryption key to generate an encrypted signal; and
- a transmitter for transmitting said encrypted signal over said communications link.
20. The secure modem as recited in claim 19, further comprising a source of at least one of UDP, IP and GFP formatting and means for combining said formatting with said encryption key to create said content for said third channel.
21. The secure modem as recited in claim 19, further comprising a buffer for buffering at least one of said content for said first channel, second channel and third channel prior to said multiplexer.
22. A system for secure communication comprising:
- at least a first secure modem and a second secure modem, and
- a communications link coupling said first and second modems,
- wherein each said secure modem is adapted to transmit encrypted information to another secure modem over said communications link, each modem comprising:
- an input for user information on a first channel;
- an input for overhead information on a second channel,
- means for generating an encryption key at a key manager;
- means for creating content for a third channel containing said at least one encryption key;
- a multiplexer operative to multiplex the content of said first channel, said second channel and said third channel to generate a multiplexed output signal;
- an encryptor operative to encrypt said multiplexed output signal using said encryption key to generate an encrypted signal; and
- a transmitter for transmitting said encrypted signal over said communications link.
Type: Application
Filed: Jul 3, 2006
Publication Date: Jan 3, 2008
Patent Grant number: 7565539
Applicant:
Inventor: Anil Agarwal (North Potomac, MD)
Application Number: 11/478,639
International Classification: H04L 9/00 (20060101);